github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 22:52:35 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
b2ae824798
linux/net
History
wenxu 6d26c375a4 netfilter: nft_flow_offload: fix interaction with vrf slave device 
[ Upstream commit 10f4e76587 ]

In the forward chain, the iif is changed from slave device to master vrf
device. Thus, flow offload does not find a match on the lower slave
device.

This patch uses the cached route, ie. dst->dev, to update the iif and
oif fields in the flow entry.

After this patch, the following example works fine:

 # ip addr add dev eth0 1.1.1.1/24
 # ip addr add dev eth1 10.0.0.1/24
 # ip link add user1 type vrf table 1
 # ip l set user1 up
 # ip l set dev eth0 master user1
 # ip l set dev eth1 master user1

 # nft add table firewall
 # nft add flowtable f fb1 { hook ingress priority 0 \; devices = { eth0, eth1 } \; }
 # nft add chain f ftb-all {type filter hook forward priority 0 \; policy accept \; }
 # nft add rule f ftb-all ct zone 1 ip protocol tcp flow offload @fb1
 # nft add rule f ftb-all ct zone 1 ip protocol udp flow offload @fb1

Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-02-27 10:08:54 +01:00
..
6lowpan
9p 9p/net: put a lower bound on msize 2019-01-13 09:51:08 +01:00
802
8021q
appletalk
atm Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
ax25 ax25: fix possible use-after-free 2019-02-23 09:07:27 +01:00
batman-adv batman-adv: Force mac header to start of data on xmit 2019-02-15 08:10:13 +01:00
bluetooth Bluetooth: Fix unnecessary error message for HCI request completion 2019-01-26 09:32:44 +01:00
bpf
bpfilter net: bpfilter: use get_pid_task instead of pid_task 2018-10-17 22:03:40 -07:00
bridge net: Fix usage of pskb_trim_rcsum 2019-01-31 08:14:31 +01:00
caif Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
can can: bcm: check timer values before ktime conversion 2019-01-31 08:14:39 +01:00
ceph libceph: handle an empty authorize reply 2019-02-27 10:08:50 +01:00
core bpf: correctly set initial window on active Fast Open sender 2019-02-27 10:08:54 +01:00
dcb
dccp dccp: fool proof ccid_hc_[rt]x_parse_options() 2019-02-12 19:47:21 +01:00
decnet decnet: fix using plain integer as NULL warning 2018-08-09 14:11:24 -07:00
dns_resolver
dsa net: dsa: slave: Don't propagate flag changes on down slave interfaces 2019-02-12 19:47:22 +01:00
ethernet
hsr
ieee802154 ieee802154: lowpan_header_create check must check daddr 2019-01-09 17:38:31 +01:00
ife
ipv4 netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs 2019-02-23 09:07:27 +01:00
ipv6 bpf: Fix [::] -> [::1] rewrite in sys_sendmsg 2019-02-27 10:08:52 +01:00
iucv Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
kcm Revert "kcm: remove any offset before parsing messages" 2018-09-17 18:43:42 -07:00
key
l2tp l2tp: fix reading optional fields of L2TPv3 2019-02-06 17:30:06 +01:00
l3mdev
lapb
llc llc: do not use sk_eat_skb() 2018-12-01 09:37:27 +01:00
mac80211 mac80211: Free mpath object when rhashtable insertion fails 2019-02-27 10:08:49 +01:00
mac802154
mpls mpls: allow routes on ip6gre devices 2018-09-24 12:19:27 -07:00
ncsi net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler 2018-08-22 21:39:08 -07:00
netfilter netfilter: nft_flow_offload: fix interaction with vrf slave device 2019-02-27 10:08:54 +01:00
netlabel netlabel: check for IPV4MASK in addrinfo_get 2018-09-21 18:58:34 -07:00
netlink
netrom netrom: switch to sock timer API 2019-02-06 17:30:07 +01:00
nfc Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
nsh
openvswitch openvswitch: Avoid OOB read when parsing flow nlattrs 2019-01-31 08:14:32 +01:00
packet af_packet: fix raw sockets over 6in4 tunnel 2019-02-23 09:07:24 +01:00
phonet
psample
qrtr
rds rds: fix refcount bug in rds_sock_addref 2019-02-12 19:47:22 +01:00
rfkill Here are quite a large number of fixes, notably: 2018-09-03 22:12:02 -07:00
rose net/rose: fix NULL ax25_cb kernel panic 2019-02-06 17:30:07 +01:00
rxrpc rxrpc: bad unlock balance in rxrpc_recvmsg 2019-02-12 19:47:22 +01:00
sched net/sched: cls_flower: allocate mask dynamically in fl_change() 2019-01-31 08:14:33 +01:00
sctp sctp: walk the list of asoc safely 2019-02-12 19:47:22 +01:00
smc smc: move unhash as early as possible in smc_release() 2019-01-22 21:40:31 +01:00
strparser
sunrpc xprtrdma: Double free in rpcrdma_sendctxs_create() 2019-02-27 10:08:53 +01:00
switchdev
tipc tipc: fix node keep alive interval calculation 2019-02-12 19:47:06 +01:00
tls net/tls: Init routines in create_ctx 2019-01-13 09:51:00 +01:00
unix Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
vmw_vsock vsock: cope with memory allocation failure at socket creation time 2019-02-23 09:07:25 +01:00
wimax
wireless nl80211: fix memory leak if validate_pae_over_nl80211() fails 2019-01-13 09:51:02 +01:00
x25 net/x25: do not hold the cpu too long in x25_new_lci() 2019-02-23 09:07:27 +01:00
xdp xsk: do not call synchronize_net() under RCU read lock 2018-10-11 10:19:01 +02:00
xfrm xfrm: refine validation of template and selector families 2019-02-15 08:10:13 +01:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-09 17:38:33 +01:00
Kconfig
Makefile
socket.c net: socket: fix a missing-check bug 2018-10-18 16:43:06 -07:00
sysctl_net.c